none

1. DEBRE MARKOS UNIVERSITY
BURIE CAMPUS
DEPARTMENT OF COMPUTER SCIENCE
Computer Security
By:
Amare W.

2. Chapter 3: Cryptography and Encryption Techniques
3.1 Basic cryptographic terms
♥ It is the science concerned with data communication and storage in
secure and usually secret form.
♥ It is the technology which is applied in implementing computer
security.
♥ Cryptology is the branch of science that deals with secret
communications.
♥ Cryptography—the name means secret writing—is probably the
strongest defense in the arsenal of computer security protection.
♥ Well-disguised data cannot easily be read, modified, or fabricated.

3. 04/04/2025
3/2/2018
♥ It is the study of Cryptosystems.
 Cryptosystems are the techniques for ensuring the secrecy and/or
authenticity of information.
♥ It has two main branches: cryptography and cryptanalysis.
 Cryptography is the study of designing the techniques of cryptosystem. It
designs the secret codes and ciphers.
 Cryptanalysis deals with defeating such techniques, to recover
information. It deals with “breaking” and reading secret codes and
ciphers.
 A cryptanalyst studies encryption and encrypted messages, hoping to

4. 04/04/2025
3/2/2018
Encryption and Decryption
 Encryption: Process of encoding (enciphering) a message so that its meaning
is not obvious.The process by which plaintext is converted into ciphertext.
 The original form of a message is known as plaintext, and the encrypted form is
called ciphertext. The transformation of the plaintext under the control of the
key into a cipher (also called ciphertext).
 Decryption: Process of decoding (deciphering or transforming) an encrypted
message to its original form. Recovering plaintext from the ciphertext.
 The inverse operation, by which a legitimate receiver recovers the concealed
information from the cipher using the key.

5. 04/04/2025
3/2/2018
♥ Symmetric Encryption Scheme (Cryptography) has five
ingredients:
1. Plaintext
2. Encryption algorithm
3. Secret Key
4. Ciphertext
5. Decryption algorithm
Plaintext (P): original form of message (source info.)
Cipher text (C): encrypted message
Encryption algorithm: E
Decryption algorithm: D
Secret Key: K

6. 04/04/2025
3/2/2018
Description:
♥ A sender S wanting to transmit message M to a receiver R
♥ To protect the message M, the sender first encrypts it into
an unintelligible message M’
♥ After receipt of M’, R decrypts the message to obtain M
♥ M is called the plaintext : What we want to encrypt
♥ M’ is called the ciphertext: The encrypted output

7. 04/04/2025
3/2/2018
Notation:
♥ Given
 P=Plaintext
 C=CipherText
♥ C = EK
(P) Encryption
♥ P = DK
( C) Decryption
♥ A cryptosystem involves a set of rules for how to encrypt the plaintext and
decrypt the ciphertext.
♥ The encryption and decryption rules, called algorithms, often use a device
called a key, denoted by K, so that the resulting ciphertext depends on the
original plaintext message, the algorithm, and the key value.
♥ Secret key (K): The secret information known only to the transmitter
and the receiver which is used to secure the plaintext.

8. 04/04/2025
3/2/2018
♥ Security depends on the secrecy of the key, not the secrecy of the
algorithm.
Principle of Encryption
♥ Very hard (impossible) to find out the message without knowing the
key
♥ Very easy (and fast) to find out the message knowing the key
♥ The two types of attack on an encryption algorithm are:
1) Cryptanalysis, based on properties of the encryption algorithm, and
2) Brute-force, which involves trying all possible keys.

9. 04/04/2025
3/2/2018
Types of Cryptosystems
♥ There are two cryptographic systems
1. Symmetric cryptosystem
♥ Also called secret key encipherment or secret/private key
cryptosystems.
♥ It is a form of cryptosystem in which encryption and decryption are
performed using the same key.
♥ Transforms plaintext into ciphertext using a secret key and an
encryption algorithm. Using the same key and a decryption
algorithm, the plaintext is recovered from the ciphertext.
♥ The key has to be kept secret, and has to be communicated using a

10. 04/04/2025
3/2/2018
2. Asymmetric cryptosystem
♥ Also called public-key cryptosystem
 Keys for encryption and decryption are different but form
a unique pair
 Only one of the keys need to be private while the other
can be public
♥ to send a secure message to the receiver, the sender first
encrypts the message by using the receiver ‘s public key.
♥ to decrypt the message, the receiver uses his own private key.

11. 04/04/2025
3/2/2018
Classical Encryption Techniques
♥ They are traditional symmetric cryptosystems
♥ They are simple cryptosystems
i. Substitution techniques: map plaintext elements (characters,
bits) in to cipher text elements.
ii. Transposition techniques: systematically transpose the
positions of plaintext elements (rearrange their orders).

12. 04/04/2025
3/2/2018
Substitution ciphers
♥ A substitution cipher is one in which the letters of plaintext are
replaced by other letters or by numbers or symbols.
♥ Substitution ciphers can be categorized as either
a. Monoalphabetic ciphers
b. Polyalphabetic ciphers
I. Monoalphabetic ciphers
♥ In this case, a character ( or symbol) in the plaintext is always
changed to the same character (or symbol) in the ciphertext
regardless of its position or text.
• For example, if the algorithm says that letter A in the plaintext is
changed to letter D, every letter A is changed to letter D.
• The relationship in between plaintext and ciphertext is one-to-one.

13. 04/04/2025
3/2/2018
Cont’d
♥ Example: The following example shows a plaintext and the
corresponding ciphertext.
♥ We use the lowercase characters to show the plaintext and
uppercase characters to show the ciphertexts.
♥ The cipher is monoalphbetic because both the l’s are encrypted
as O’s:
Plaintext: hello Ciphertext: KHOOR

14. 04/04/2025
3/2/2018
Cont’d
♥ The group of monoalphabetic ciphers includes:
i. Additive ciphers or Caesar ciphers
ii. Multiplicative ciphers
iii. Affine ciphers
i. Additive ciphers:
• This is the simplest monoalphabetic cipher.
• We assume that the plaintext contains the
lowercase characters (a to z) and the ciphertext
contain the upper text characters (A to Z) as
follows:

15. 04/04/2025
3/2/2018
♥ the Figure, each character is assigned an integer in Z26 .
♥ The secret key is also an integer in Z26
♥ The encryption algorithm adds the key to the plaintext
characters and the decryption algorithm subtracts the key
from the ciphertext characters.
♥ Then the algorithm can be expressed as follows:
For each plaintext letter P, substitute the ciphertext letter C:
(a mod n is the remainder when a is divided by n.
E.g. 11 mod 7 = 4)

16. 04/04/2025
3/2/2018
♥ The encryption algorithm is
C = E(k, P) = (P + k) mod 26 ; where k takes a value in the range 1 to 25.
 The decryption algorithm is simply
P = D(k, C) = (C - k) mod 26 ; where k takes a value in the range 1 to 25.
Example: Use the additive cipher with key =15 to encrypt the message “hello”.
Soln. : We apply the encryption algorithm to the plaintext character by
character
Plaintext : h  07 Encryption: (07+15)mod 26 Ciphertext: 22 W
Plaintext : e  04 Encryption: (04+15)mod 26 Ciphertext: 19  T
Plaintext : l  11 Encryption: (11+15)mod 26 Ciphertext: 00  A
Plaintext : l  11 Encryption: (11+15)mod 26 Ciphertext: 00  A
Plaintext : o  14 Encryption: (14+15)mod 26 Ciphertext: 03  D
So, the result is “WTAAD”
Note: By using the reverse decrypt algorithm, we can now decrypt the
ciphertext “WTAAD”.

17. 04/04/2025
3/2/2018
♥ Additive cipher is also called as shift cipher. The reason is
that the encryption algorithm can be interpreted as “shift
key character down” and the decryption algorithm can be
interpreted as “shift key character up”.
• Three important characteristics of this problem enabled us
to use a brute-force cryptanalysis:
1. The encryption and decryption algorithms are known.
2. There are only 25 keys to try.
3. The language of the plaintext is known and easily
recognizable.

18. 04/04/2025
3/2/2018
♥ Julius Caesar used an additive cipher to communicate
with his officers. For this reason, this cipher is also
sometimes called as caesar cipher.
♥ Caesar Cipher: The earliest known example of a
substitution cipher in which each character of a
message is replaced by a character three position down
in the alphabet. For example:
 Plaintext: are you ready
 Ciphertext: duh brx uhdgb

19. 04/04/2025
3/2/2018
ii. Multiplicative cipher:
♥ In this cipher, the encryption algorithm specifies the
multiplication of the plaintext by the key and the decryption
algorithm specifies the division of the ciphertext by the key.
♥ Since operations are in Z26, decryption here means
multiplying by the multiplicative inverse of the key.
 The general multiplicative encryption algorithm is
C = E(k, P) = (P * k) mod 26 ; where k takes on a value
in the range 1 to 25.
 The general multiplicative decryption algorithm is
P = D(k, C) = (C*k-1) mod 26 ; where k takes on a value
in the range 1 to 25.

20. 04/04/2025
3/2/2018
♥ Example: Use the multiplicative cipher with key =7 to encrypt the message
“hello”.;
Soln.: We apply the encryption algorithm to the plaintext character by
character
Plaintext :h  07 Encryption: (07*07)mod 26 Ciphertext: 23 X
Plaintext : e  04 Encryption: (04*07)mod 26 Ciphertext: 02 C
Plaintext : l  11 Encryption: (11*07)mod 26 Ciphertext: 25 
Z
Plaintext : l  11 Encryption: (11*07)mod 26 Ciphertext: 25 Z
Plaintext : o  14 Encryption: (14*07)mod 26 Ciphertext: 20 
U
So, the result is “XCZZU”
Note: By using the reverse decrypt algorithm, we can now decrypt the
ciphertext “XCZZU”. (Use K-1
= 15)

21. 04/04/2025
3/2/2018
iii. Affine cipher:
♥ Affine cipher is a combination of additive and multiplicative
ciphers with a pair of keys.
♥ The first key is used with multiplicative cipher and the second
key is used with the additive cipher.
♥ Affine cipher is actually two ciphers applied one after the other.
♥ In the affine cipher, the relations between the plaintext and
ciphertext are
C = E(k1, k2 ; P) = (P * k1 + k2 )mod 26 and P = D(C; k1, k2) = ((C -
k2 )*k1
-1
)mod 26

22. 04/04/2025
3/2/2018
♥ Example: Use the affine cipher with key pair (7, 2) to encrypt the message
“hello”.
♥ Soln. : We use 7 for the multiplicative key and 2 for the additive key.
♥ We apply the encryption algorithm to the plaintext character by character
Plaintext : h  07 Encryption: (07*07+2)mod 26 Ciphertext: 25  Z
Plaintext : e  04 Encryption: (04*07+2)mod 26 Ciphertext: 04  E
Plaintext : l  11 Encryption: (11*07+2)mod 26 Ciphertext: 01  B
Plaintext : l  11 Encryption: (11*07+2)mod 26 Ciphertext: 01  B
Plaintext : o  14 Encryption: (14*07+2)mod 26 Ciphertext: 22 W
So, the result is “ZEBBW”.
Note: By using the reverse decrypt algorithm, we can now decrypt the ciphertext
“ZEBBW”.

23. 04/04/2025
3/2/2018
♥ Because additive, multiplicative and affine ciphers have small key
domain, they are vulnerable to brute-force attack.
♥ A brute-force attack involves trying every possible key until an
intelligible translation of the ciphertext into plaintext is obtained. On
average, half of all possible keys must be tried to achieve success.
♥ After the sender and the receiver agreed Ki a single key, that key is
used to encrypt each letter in the plaintext or decrypt each letter in
the ciphertext.
♥ A better solution is to create a mapping in between each letter of the
plaintext and each letter of the ciphertext.

24. 04/04/2025
3/2/2018
II Polyalphabetic cipher
♥ In this kind of cipher, each occurrence of character may have a different
substitute. The relationship between the characters in the plaintext and the
characters in ciphertext is one-to-many.
♥ For example, ‘a’ could be enciphered as ‘D’ in the beginning, but as ‘N’ in
the middle. Polyalphabetic ciphers have the advantage of hiding the letter
frequency of the underlying language.
♥ To create a polyalphabetic cipher, we need to make each ciphertext character
dependent on both the plaintext character and the position of the plaintext
character.
♥ We need to have a key stream k= (k1, k2, k3,…) in which ki is used to encipher
the ith
character in the plaintext to create the ith
character in the ciphertext.

25. 04/04/2025
3/2/2018
♥ The group of polyalphabetic ciphers includes:
1. Autokey cipher
♥ In this cipher, the key is a stream of sub keys, in which each sub key is used to
encrypt the corresponding character in the plaintext. The first sub key is a
predetermined value agreed upon by the sender and the receiver.
♥ The second sub key is the value of first plaintext character (between 0 and 25). The
third subkey is the value of second plaintext character and so on.
♥ The name of the cipher autokey implies that the sub keys are automatically
generated from the plaintext cipher characters during the encryption process.
P=P1P2P3… C=C1C2 C3… k=k1P1P2…
Encryption: Ci= (Pi+ki) mod 26
Decryption: Pi = (Ci – ki) mod 26

26. 04/04/2025
3/2/2018
Example: Encrypt the plaintext “attack is today” using the
initial key value k1 = 12.
Sol.: Here enciphering is done character by character.
Each character in the plaintext is first replaced by its integer
value as shown in the figure. The first sub-key is added to
create the first ciphertext character.
The rest of the key is created as the plaintext characters are
read.
We note that the cipher is polyalphabetic because the three
occurrences of “a” in the plaintext are encrypted differently.

27. 04/04/2025
3/2/2018
2. Playfair cipher
•The secret key in this cipher is made of 25 alphabetic letters
arranged in 5×5 matrix.
•Different arrangements of the letters of the matrix can
create many different secret keys. One of the possible
arrangements has been shown in the following figure:
• Before encryption, if the two letters in a pair are same, a
bogus letter is inserted in between to separate them.
• After inserting bogus letters, if the number of characters in
the plaintext is odd, one extra bogus character is added at
the end to make the number of characters even.

28. 04/04/2025
3/2/2018
 The cipher uses three rules for encryption:
i. If the two letters in a pair is located in the same row of the secret
key, the corresponding encrypted character for each letter is the next
letter to the right in the same row ( with wrapping to the beginning
of the row if the plaintext letter is the last character in the row)
ii. If the two letters in a pair are located in the same column of the
secret key, the corresponding encrypted character for each letter is
the letter beneath it in the same column ( with wrapping to the
beginning of the column if the plaintext letter is the last character in
the column).
iii. If the two letters in a pair are not in the same row or column of the
secret, the corresponding encrypted character for each letter is
a letter that is in its own row but in the same column as the other
letter.

29. 04/04/2025
3/2/2018
• In Playfair cipher, the key is a stream of subkeys in which the
subkeys are created two at a time.
• The encryption algorithm takes a pair of characters from plaintext &
creates a pair of ciphertext by following the above-mentioned rules
• We can say that the key stream depends on the position of the
characters of the plaintext.
 P=P1P2P3...... C=C1C2C3… k= ((k1, k2), (k3, k4),… )
Encryption : Ci= ki Decryption : Pi = ki
Example: Encrypt the plaintext ‘attack’ by using the key in the above
matrix.
Sol. : When we group the letters in two-character pair, we get “at, ta,
ck”.
at -> BP ta -> PB ck->FP
Ciphertext: BPPBFP

30. 04/04/2025
3/2/2018
3. Vegenere cipher
• This cipher was designed by Blaise de Vegenere, a sixteenth
century French mathematician.
• A Vegenere cipher uses a different strategy to create the key
stream.
• The key stream is a repetition of an initial secret key stream
of length m, where we have 1≤m≤26.
• The cipher can be described as follows where (k1,k2,…, km) is
the initial secret key agreed by the sender and the receiver.
 P=P1P2… C= C1C2… K=[(k1, k2,…,km), (k1, k2,…,km), ….]
Encryption: Ci =( Pi+ ki )mod 26
Decryption: Pi =( Ci - ki )mod 26

31. 04/04/2025
3/2/2018
• The difference between the Vegenere cipher and the other two
polyalphabetic ciphers is that the Vegenere key stream does not
depend on the plaintext characters; it depends only on the position of
the character in the plaintext.
• In other words, the key stream can be created without knowing what
the plaintext is.
Example: Encrypt the message “she is listening” using the 6-character
keyword “PASCAL”.
Sol.: The initial key stream is (15, 0, 18, 2, 0, 11). The key stream is the
repetition of this initial key stream.

32. 04/04/2025
3/2/2018
Transposition Techniques
♥ Systematically transpose the positions of plaintext elements (rearrange
their orders). A transposition cipher does not substitute one symbol for
another, instead it changes the location of the symbols.
♥ A symbol in the first position of the plaintext may appear in the tenth
position of the ciphertext. A symbol in the eighth position in the
plaintext may appear in the first position of the ciphertext.
♥ In the other words, a transposition cipher reorders (transposes) the
symbols. This group of ciphers include:
1. Keyless transposition ciphers
2. Keyed transposition ciphers

33. 04/04/2025
3/2/2018
1. Keyless Transposition ciphers
♥ The simple transposition ciphers are keyless. There are two methods
for permutation of characters .
♥ In the first method, the text is written into a table column by column
and then transmitted row by row.
♥ In the second method, the text is written into the table row by row
and then transmitted column by column. Example: Rail fence cipher
♥ In this cipher the plaintext is arranged in two lines as a zigzag
pattern ( which means column by column); the ciphertext is created
by reading the pattern row by row.

34. 04/04/2025
3/2/2018
♥ For example, to send the message “ meet me at the park” to the
receiver, the sender writes
♥ He then creates the ciphertext “ MEMATEAKETETHPR” by
sending the first row followed by the second row
♥ The receiver receives the ciphertext and divides it in half ( in
this case the second half has one less character)
♥ The first half forms the first row; the second half the second
row. The receiver reads the result in zigzag.

35. 04/04/2025
3/2/2018
2. Keyed Transposition cipher:
♥ The keyless ciphers permutes the characters by using writing
plaintext in one way (row by row , for example) and reading it in
another way (column by column , for example).
♥ The permutation is done on the whole plaintext to create the
whole ciphertext.
♥ Another method is to divide the plain text into groups of
predetermined size, called blocks, and then use a key to permute
the characters in each block separately.

36. 04/04/2025
3/2/2018
Example: The sender needs to send the message” enemy
attacks tonight”
 In this case, both agreed to divide the text into groups of
five characters and then permute the characters in each
group.
 The following show the grouping after adding a bogus
character at the end to make the last group the same size as
the others.
enemy attac kston ightz
 The key used for encryption and decryption is a
permutation key, which shows how the character are
permuted.
 For this message, assume that the sender and the receiver
used the following key

37. 04/04/2025
3/2/2018
♥ The third character in the plaintext block becomes the first
character in the ciphertext block; the first character in the
plaintext block becomes the second character in the
ciphertext block; and so on. The permutation yields
EEMYNTAACTTKONSHITZG
♥ The receiver divides the ciphertext into 5-character groups
and , using the key in the reverse order, finds the plaintext.

38. 04/04/2025
3/2/2018
Symmetric key cryptography
Block Ciphers
♥ A symmetric encryption algorithms in which a large block of plaintext
bits (typically 64) is transformed as a whole into a ciphertext block of
the same length.
♥ Block ciphers operate on blocks of plaintext and ciphertext- usually of
64 bits but sometimes longer.
♥ The groups of bits are called blocks. For modern computer algorithms,
a typical block size is 64 bits.
♥ Block ciphers operate on blocks of a message and apply the encryption
algorithm to an entire message block at the same time.

39. 04/04/2025
3/2/2018
♥ With a block cipher, the same plaintext block will always encrypt to
the same ciphertext block, using the same key.
♥ A block cipher is an encryption/decryption scheme in which a block
of plaintext is treated as a whole and used to produce a ciphertext
block of equal length. It may be viewed as a simple substitution
cipher with large character size.
♥ The function is parameterized by a k-bit key K, taking values from a
subset K (the key space) of the set of all k-bit vectors Vk.
♥ n-bit block cipher takes n bit plaintext and produces n bit ciphertext.
2n
possible different plaintext blocks (inputs) will be there.

40. 04/04/2025
3/2/2018
Widely used block Ciphers
Some of the block cipher algorithms widely used today are the
following:
i. DES (Data Encryption Standard)
ii. Triple DES
iii. AES (Advanced Encryption Standard)

41. 04/04/2025
3/2/2018
Block Ciphers: Data Encryption Standard (DES)
♥ The Data Encryption Standard, known as DES, is a simple block cipher
developed way back in the 1970s. The design is based on the Lucifer
cipher, a Feistel cipher developed by IBM.
♥ It is the most widely used encryption scheme. The plaintext is 64-bits in
length, and the key is 56-bits in length.
♥ There are 16 rounds of processing. From the original 56-bit key, 16
subkeys are generated, one of which is used for each round.
♥ With a key length of 56 bits, there are 256
possible keys, which is
approximately 7.2 X 1016
keys. Thus, on the face of it, a brute-force
attack appears impractical.

42. 04/04/2025
3/2/2018
Block Ciphers: DES
♥ Outline of the DES Algorithm: DES operates on two inputs to the
encryption function:
 a 64-bit block of plaintext to be encrypted and the 56-bit key k.
♥ Note: Actually, the function expects a 64-bit key as input. However,
only 56 of these bits are ever used; the other 8 bits (8th
, 16th
, 24th
,
…,64th
) can be used as parity bits or simply set arbitrarily.
♥ The processing of the plaintext proceeds in four phases: In first
phase, the 64-bit plaintext passes through an initial permutation (IP)
that rearranges the bits to produce the permuted input. This permuted
input is then broken into a right half and a left half, each 32-bits
long.

43. 04/04/2025
3/2/2018
♥ Second phase consists of 16 rounds of an identical operation, called the
function F, in which data are combined with the key.
♥ This phase consists of sixteen rounds of the same function, which
involves both permutation and substitution functions. In each round (see
Figure):
♥ The key bits are shifted, and then 48 bits are selected from the 56 bits of
the key.
♥ The right half of the data is expanded to 48 bits via an expansion
permutation, combined with 48 bits of a shifted and permuted key via an
XOR, sent through 8 S-boxes producing 32 new bits, and permuted again.

44. 04/04/2025
3/2/2018
♥ The output of Function F is then combined with the left half via
another XOR.
♥ The result of these operations becomes the new right half; the old
right half becomes the new left half. These operations are
repeated 16 times, making 16 rounds of DES.
♥ In the third phase, the output of the last (sixteenth) round consists
of 64 bits that are a function of the input plaintext and the key.
♥ The left and right halves of the output are swapped to produce the
preoutput.

45. 04/04/2025
3/2/2018
♥ In the final phase, the preoutput is passed through an inverse permutation
(IP-1
) of the initial permutation function, to produce the 64-bit ciphertext.
♥ The right-hand portion of the following Figure shows the way in
which the 56-bit key is used.
♥ Initially, the 64 bit key is passed through a permutation function, then 8
bits (k8,k16,k24,... ,k64) of K are discarded.
♥ Then, for each of the 16 rounds, a 48 bit subkey (Ki) is produced by
the combination of a left circular shift and a permutation from the
56 bit key.
♥ The permutation function is the same for each round, but a different
subkey is produced because of the repeated shifts of the key bits.

46. 04/04/2025
3/2/2018
Figure: General Depiction of DES Encryption Algorithm

47. 04/04/2025
3/2/2018
 Outline of the DES Algorithm
♥ With the exception of the initial and final permutations, DES
has the exact structure of a Feistel cipher, as shown in the
following Figure.
♥ For each round i = 1, 2, . . . , 16, new left and right halves are
computed according to the rule
Li = Ri−1
Ri = Li−1 ⊕ F(Ri−1,Ki )
where Ki is the subkey for round i.

48. 04/04/2025
3/2/2018
Figure: One round of DES
D
E
S
c
o
m
p
ut
at
io
n
p
a
T
h

49. 04/04/2025
3/2/2018
Block Ciphers: DES
♥ Unscrambling the previous diagram, we see that the DES round
function F can be written as follows.
F(Ri−1,Ki) = P-box(S-boxes(Expand(Ri−1) K
⊕ i))
♥ Since the DES block size is 64 bits, each Li and Ri is 32 bits. The
new left half is simply the old right half.
♥ The round function F is the composition of the expansion
permutation, addition of subkey, S-boxes, and P-box.
♥ The expansion permutation expands its input from 32 to 48 bits
(all bits are used once; some are used twice), and the 48 bit
subkey is XORed with the result.

50. 04/04/2025
3/2/2018
♥ The S-boxes then compress these 48 bits down to 32 bits
before the result is passed through the P-box. The P-box
output is then XORed with the old left half to obtain the new
right half.

51. 04/04/2025
3/2/2018
Block Ciphers: DES: DES FUNCTIONS IN DETAIL
Now let us describe each of the components of F.
1) The Initial Permutation
♥ The initial permutation and its inverse are defined by the
following tables.
♥ These tables, like all the other tables in this chapter, should be
read left to right, top to bottom.
♥ For example, the initial permutation moves bit 58 of the
plaintext to bit position 1, bit 50 to bit position 2, bit 42 to bit
position 3, and so forth.

52. 04/04/2025
3/2/2018
Figure: Initial and Final permutations in DES

53. 04/04/2025
3/2/2018
The tables are to be interpreted as follows.
• The input to a table consists of 64 bits numbered from 1 to 64.
• The 64 entries in the permutation table contain a permutation
of the numbers from 1 to 64.
• Each entry in the permutation table indicates the position of a
numbered input bit in the output, which also consists of 64 bits.
 To see that these two permutation functions are indeed the
inverse of each other, consider the following 64-bit input M,
where Mi is a binary digit:

54. 04/04/2025
3/2/2018
Then the permutation X= IP(M) is as follows:
 If we then take the inverse permutation
Y= IP-1
(X) = IP-1
(IP(M)),
it can be seen that the original ordering of the bits is restored.

55. 04/04/2025
3/2/2018
2) The Key Generation/Transformation
• Returning back to Figures of general depiction and one round
of DES, we see that a 64-bit key is used as input to the
algorithm.
• The bits of the key are numbered from 1 through 64; every
eighth bit is ignored, as indicated in the following table.
Table: Bits included
and excluded in
reducing the key size

56. 04/04/2025
3/2/2018
The key is first subjected to a permutation governed by a table labeled
Permuted Choice One (the following table). This is nothing but permutation
of numbers (referring to bit positions) in the left of the previous table.
Table: Permuted Choice One
 The resulting 56-bit key is then treated as two 28-bit quantities
 Each halves are separately subjected to a circular left shift, or rotation, of
1 or 2 bits, as governed by the following table.
Table: Number of key bits shifted per round

57. 04/04/2025
3/2/2018
• These shifted values serve as input to the next round. They
also serve as input to Permuted Choice Two, which produces a
48-bit output that serves as input to the function F(Ri-1, Ki).
• Because this operation permutes the order of the bits as well as
selects a subset of bits (48 bits from 56 bits are selected), it is
called a compression permutation.
Table: Permuted Choice Two (Compression Permutation)

58. 04/04/2025
3/2/2018
3) The Expansion Permutation
 This operation expands the right half of the data, Ri, from 32
bits to 48 bits. Because this operation changes the order of the
bits as well as repeats certain bits, it is known as an expansion
permutation.
 This operation has two purposes: It makes the right half the
same size as the key for the XOR operation and it provides a
longer result that can be compressed during the substitution
operation.

59. 04/04/2025
3/2/2018
4) The S-Box Substitution
 After the compressed key is XORed with the expanded block,
the 48-bit result moves to a substitution operation.
 The substitutions are performed by 8 substitution boxes, or S-
boxes. Each S-box has a 6-bit input and a 4-bit output, and
there are 8 different S-boxes.
 The 48 bits are divided into eight 6-bit sub-blocks. Each
separate block is operated on by a separate S-box: The first
block is operated on by S-box 1, the second block is operated
on by S-box 2, and so on.
Figure: S-Box
Substitution

60. 04/04/2025
3/2/2018
 Each S-box is a table of 4 rows and 16 columns. Each entry in
the box is a 4-bit number. The 6 input bits of the S-box specify
under which row and column number to look for the output.
 The following table shows all eight S-boxes

61. 04/04/2025
3/2/2018
 The input bits specify an entry in the S-box in a very particular
manner. Consider an S-box input of 6 bits, labeled b1b2b3b4b5 and b6.
 Bits b1 and b6 are combined to form a 2-bit number, from 0 to 3,
which corresponds to a row in the table.
 The middle 4 bits, b2 through b5 are combined to form a 4-bit
number, from 0 to 15, which corresponds to a column in the table.
 For example, assume that in the S1 101101. The first and last bits
combine to form 11, which corresponds to row 3 of the S-box.
 The middle 4 bits combine to form 0110, which corresponds to the
column 6 of the same S-box.
 The entry under row 3, column 6 of S-box 1 is 6. (Remember to
count rows and columns from 0 and not from 1). The value 0110 is
substituted for 101101.

62. 04/04/2025
3/2/2018
Block Ciphers: Triple DES
♥ A popular variant of DES is triple DES, or 3DES. 3DES was developed in 1999
by IBM – by a team led by Walter Tuchman. 3DES has a 168-bit key and
enciphers blocks of 64 bits.
♥ There are four versions of 3DES.
♥ The first simply encrypts the plaintext three times, using three different keys: K1,
K2, and K3
♥ It is known as DES-EEE3 mode (the Es indicate that there are three encryption
operations, where as the numeral 3 indicates that three different keys are used).
♥ DES-EEE3 can be expressed using the following notation, where E(K, P)
represents the encryption of plaintext P with key K :
♥ E(K1, E(K2, E(K3, P))) DES-EEE3 has an effective key length of 168 bits.

63. 04/04/2025
3/2/2018
Block Ciphers: Triple DES
♥ The second variant (DES-EDE3) also uses three keys but replaces the second encryption
operation with a decryption operation:
E(K1, D(K2, E(K3, P)))
♥ The third version of 3DES (DES-EEE2) uses only two keys, K1 and K2, as follows:
E(K1, E(K2, E(K1, P)))
♥ The fourth variant of 3DES (DES-EDE2) also uses two keys but uses a decryption
operation in the middle: E(K1, D(K2, E(K1, P)))
♥ Both the third and fourth variants have an effective key length of 112 bits.
♥ In DES-EDE2, the reason for using decryption as the second step is the backwards
compatibility with single DES when it is used with K1 = K2.
♥ That is when K1 = K2 = K then it collapses to single DES
C = E(D(E(P, K), K), K) = E(P, K).

64. Thank you